I have recently deployed Splunk light for a trial.
It is on a Windows server, which is a domain member (single domain, single forest).
I have enabled the 'Splunk add-on for Windows' (and restarted).
I am using Splunk Web for all config etc.
I have then 'added data' with the 'Monitor -> Active Directory monitoring' option.
I created a dedicated, new index for this.
When I have finished the input seems to complete (I step through the GUI and get a green tick at the end) - however on the home page 'what to search' I see no hosts, sources or source types. It still says 'no data added, please add data'.
Within settings I can see the data input I just created, and I can see data flowing into the index.
Pretty sure I have missed something basic - any clues?
Thanks in Advance..
... View more